Friday, November 29, 2002, 4:58:02 PM, you wrote:
GS> I was just going through the archive.  Seems this comes up enough for me 
GS> to think I have something wrong.
GS> A simplistic code flow of events...
GS> <?php
GS> session_start();

GS> // user successfully logs in, set a session variable
GS> $_SESSION['user_id'];

GS> // when the user logs out, destroy session and redirect to top
GS> $_SESSION = array();
GS> setcookie(session_name(), '', time() - 3600);
GS> session_destroy();

GS> header('location: back_to_top');


GS> Ok, so when the user logs in, a session id is assigned to them.
GS> When they log out and are redirected to the beginning, the session id is 
GS> the same (verified by the file name in /tmp and cookie manager in mozilla).
GS> My question is, even though the session contains no data after its 
GS> destroyed, should the session id remain the same, after logging out,
GS> or should another be assigned when session_start() is called after the 
GS> redirect???

The browser will send the old cookie and as the name is probably the same as the
the old session it will get used again, or at least I think that is what is
happening :)
This should not be a problem as the data associated with the old session is
If you close the browser and start a fresh one you will get a new session id.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to